Black Book Research received survey responses from 2,980 security and IT professionals at 877 provider organizations to identify the gaps, vulnerabilities and deficiencies that continue to leave hospitals and physicians proverbial sitting ducks for data breaches and cyberattacks. Eighty-six percent of IT professionals agreed with the sentiment that data attackers are outpacing their medical enterprises, holding providers at a continued disadvantage in responding to vulnerabilities.
Eighty percent of respondents stated that their organization has an acting CISO, and 64% of IT managers believe their connected medical devices are secure with current software updates.
A fragmented mix of 462 vendors offering data security services, core products and solutions, software, consulting and outsourcing received user feedback in the polling period Q1 2021 to Q4 2021, including large IT companies, midsize and small security vendors, healthcare-specific firms, consultants and start-ups.
“Most healthcare CISOs and CIOs have no choice but to leverage next-generation cybersecurity system tools and solutions in order to keep their provider organizations’ data safe but also to stay solvent,” said Doug Brown, President of Black Book™. “The threat landscape in healthcare has become fertile ground for malware, ransomware, breached medical records and patient privacy, phishing expeditions and cyberattacks with the COVID-era adoption of telehealth and remote patient monitoring in particular.”
“The frank reality is that many cybersecurity solutions purchased in 2020 may already be outdated and deficient in combating developing hacks and breaches of 2022, and marginally performing hospitals face yet another threat to closure from related expenses and blows to the provider’s reputation,” said Brown. “Virtual patient consultations and telehealth to prevent the spread of the virus have expanded use of remote access systems which serve as entry points into the healthcare information platforms for cyberattacks.”
Still, 21% of chief information officers at organizations with negative 2020 operating margins report slow or no progress towards orchestrating a proactive cybersecurity technology infrastructure to support their long-term protection efforts.
“Given the complexities of each individual health system and physician organization, implementing the right cybersecurity software and solutions in delicate sequence is crucial so as not to create an even more adverse situation through the transition,” said Brown. “The pandemic has also generated a tremendous amount of patient medical data stored by local, state and federal government agencies, as well as provider organizations which has seen an increase in malicious IT attacks permitted through less-secure technologies and interoperability connections.”
In contrast, 96% of CIOs and CISOs in companies performing at margins supporting long-term viability (marked at over 5%) report having successfully maintained cybersecurity programs and initiated transformations, with 2022 capital expenditures planned for upgraded tools such as cybersecurity analytics, network security, open-source solutions, threat intelligence and cloud security.
A key survey finding on budget allocations for cybersecurity in 2022 emerged: only 22% of IT managers have confidence that their healthcare organization is allotting adequate funds to secure its IT systems.
As spending for cybersecurity consulting, software and outsourced solutions is evaluated for the calendar year, expenditures for cyber liability insurance expanded six-fold in 2021 to protect healthcare providers in the event of ransomware, data breaches and other cyber incidents. Sixty percent of CIO respondents said that their organization has had to submit a cyber insurance claim since 2019.
In an independent Black Book survey of 5,150 healthcare consumers, 95% of patients stated they believe their providers are shielding them from communications of actual data breaches and threats. Ten percent of consumers responding stated they were only informed of any cyberattacks in the healthcare industry in the past 24 months because of regional media coverage.
Consumers indicate that trust in the protection of their personal medical data will rise to be a significant issue in selecting a provider in 2022. Ninety-one percent of patients aged 25-34, 96% of patients 35-44 and 87% of patients 45-54 stated they would break from their current health system loyalty, either hospital or physician practice, if a major data breach or ransomware incident personally affected them in 2022 where available IT solutions to protect their privacy were not properly utilized.
Black Book™ announces the top-performing cybersecurity software and services vendors as ranked by customer satisfaction on 18 client experience-based key performance indicators in multiple categories of tools and solutions.
Black Book Market Research LLC conducts polls and surveys with healthcare executives and front-line users about their current technology and services partners and awards top-performing vendors based on qualitative indicators of client experience and solution/service satisfaction and three indicators of customer loyalty. Black Book surveyed users of eighteen categories of cybersecurity vendors, consultants and advisors, which produced the 2021 ratings of the number-one-performing suppliers.